Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2016-10817

    cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).

    Affected Products : cpanel
    • EPSS Score: 0.39%
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-20955

    Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.

    • EPSS Score: 1.04%
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12618

    HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.

    Affected Products : nomad
    • EPSS Score: 0.70%
    • Published: Aug. 12, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15027

    The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in pla...

    • EPSS Score: 2.36%
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12103

    The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.

    Affected Products : m7350_firmware m7350
    • EPSS Score: 4.17%
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-10927

    The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

    Affected Products : nelio_ab_testing
    • EPSS Score: 0.45%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11030

    Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a g...

    Affected Products : mirasys_vms
    • EPSS Score: 0.37%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11031

    Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.

    Affected Products : mirasys_vms
    • EPSS Score: 0.44%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-6695

    Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.

    Affected Products : fortimanager
    • EPSS Score: 0.26%
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-13020

    The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the...

    • EPSS Score: 0.39%
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7974

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

    Affected Products : macos photoshop_cc windows
    • EPSS Score: 27.47%
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15497

    Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.

    • EPSS Score: 1.54%
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-11061

    A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3...

    Affected Products : hg100_firmware hg100
    • EPSS Score: 9.21%
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-10891

    An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell comma...

    Affected Products : dir-806_firmware dir-806
    • EPSS Score: 74.96%
    • Published: Sep. 06, 2019
    • Modified: Jan. 09, 2025
  • 10.0

    HIGH
    CVE-2019-13473

    TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service withi...

    • EPSS Score: 0.72%
    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-16650

    On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, a...

    • EPSS Score: 0.66%
    • Published: Sep. 21, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-16932

    A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.

    Affected Products : visualizer
    • EPSS Score: 81.25%
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2130

    In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interactio...

    Affected Products : android
    • EPSS Score: 1.10%
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12157

    In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

    Affected Products : teamcity upsource
    • EPSS Score: 0.00%
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17124

    Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

    Affected Products : viaware
    • EPSS Score: 23.81%
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290954 Results